[xani_]

You will just have a bunch of random false positives that get blocked and never come back. Even before VPN a lot of ISPs gave you dynamic IP that changed anywhere from every few weeks to daily, to each reconnect. Same with any public access point

Same with carrier grade NAT, IP stopped being good way to block things long time ago. About the only use is "this IP is DoSing me now, block it for few hours".

There are few other methods, all of them intrusive on privacy. Generating fingerprint of browser and blocking based on that might work for the clueless users but dedicated ones will go around it. Making using one of the popular SSO logins is one option (at least banning-wise) but that's a lot of work